General

  • Target

    Confirm.exe

  • Size

    1011KB

  • Sample

    210116-q3k2s3c95s

  • MD5

    6350717e7a76e3c7a926f5e1e123b819

  • SHA1

    93e3b8299963504ccd6d623b1814d9df69fcec5c

  • SHA256

    3dcb1921c04d6f8e9974127b4ed2d691021dae212fd4b2e9d82e3d83e7537733

  • SHA512

    e1c7198f72e40fa653f50a23279345bd88826bc05f75c292c82c1efba959cb62a14c084c58ec715a836c50b3278cc628eb8502b3ecd17bd5c8a81eb96e686793

Malware Config

Extracted

Family

formbook

C2

http://www.deuxus.com/t052/

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
